8/6/2019 eDisco Compliance Whitepaper
A SearchCompliance.com E-Book
DATA SECURITY IN THE E-DISCOVERY PROCESS | SEARCHCOMPLIANCE.COM
CHAPTER 1: Ease the Pain of E-discovery
CHAPTER 2: E-discovery Gets Smart
CHAPTER 3: Avoiding the Breach
CHAPTER 4: CSI: Compliance
Data Security in the E-discovery Process
E-discovery can be complicated, time-consuming and expensive, and so can proper data security. Here's how to merge the two and get the most bang for your buck.
Chapter 1
Ease the Pain of E-discovery
E-discovery may be a dirty word among IT executives, but a more aggressive use of records management tools can help alleviate the pains and cost.
BY KEVIN BEAVER
COMPLIANCE IS OFTEN deemed a dirty word in IT circles. But I have another 10-letter word that's just as dirty: e-discovery. This one word arguably creates the most angst among IT executives today. But there is a way to soften that angst with the help of two other words: records management.
I have a lot of firsthand experience with e-discovery-related projects, so I can attest to the level of effort they require of a variety of people in IT roles. Similarly, in my expert-witness work, I've seen how quickly certain e-discovery requests are made by attorneys. The whole process of e-discovery is often brutal, extracting its pound of flesh from an enterprise, regardless of the resources it has to devote to it.
What used to be a cash cow for a select few e-discovery firms with the right tools has gone mainstream. There are numerous e-discovery and records management applications to help reduce the pain and cost associated with discovery requests. According to Stamford, Conn.-based consultancy Gartner Inc., the market for e-discovery software will reach $1.5 billion this year. Vendors such as EMC Corp., Optical Image Technology Inc., StoredIQ Inc. and Messaging Architects offer an array of archiving, e-discovery and information management solutions focused on records management.
The increase in data breaches, bribery and insider abuse underscores the need for such tools. Without them, it's practically impossible to search through hundreds of gigabytes of electronic records for the relatively small subset of data that's needed. If you don't have some semblance of electronic records management and something bad happens that leads to e-discovery, you're toast.
THE IMPORTANCE OF RECORDS MANAGEMENT
Looking at the bigger picture, records management is deeply entrenched in various business, compliance and IT processes. Given the amount of information you have, combined with the complexity of your information systems, the only reasonable way to manage these aspects of electronic data is with a good records management tool.
One of the greatest risks to any business is a lack of knowledge about what electronic information is, and the hard fact is that many businesses have little or no control over data classification and retention. These two factors are a dark cloud hovering over an enterprise, threatening to burst into a raging storm. You would be wise to lean on records management tools for help.
That said, as much as these tools can help, they are hardly a panacea; you will have to streamline your management processes as well. If you really want to get records management and e-discovery down to a science, you will have to tweak both your business processes and the culture inside your organization. This will require:
• Obtaining and maintaining buy-in from members of upper management (which should be easy because it's their rear ends on the line);
• Putting the necessary policies in place (classification, retention, labeling and disposal come to mind);
• Getting the word out on what constitutes business records (this is the tough part, but it has to be done);
• Holding people accountable for their actions when missteps occur (making them understand that "Internal use only" and "Archive after 90 days" mean just that); and
• Working with legal counsel periodically to ensure that your system is kept current (there's nothing worse than an outdated records management system that creates more problems than it solves).
Getting management and employee buy-in is half the battle. The typically slow-moving bureaucracy that haunts larger enterprises often hinders information security and risk management efforts. But we can all learn from the finely tuned records management processes many such businesses utilize.
It would be wise to look into these solutions. If you need help justifying their cost, many vendors have already done the research for you. The money saved in one e-discovery request can pay for a solution tenfold. Why not take that leap and invest in the right tools now, before you really need them? Things are only going to become more complex.
Kevin Beaver is an information security consultant
and expert witness, as well as a seminar leader and
keynote speaker at Atlanta-based Principle Logic
LLC. Write to him at [email protected].
Chapter 2
E-discovery Gets Smart
The e-discovery software market is growing due to more stringent governance, risk management and compliance regulations, and it's creating smarter solutions.
BY ADRIAN BOWLES
THE PAST DECADE has seen increasing demands on enterprises of all sizes, and in all industries, to be prepared to produce specific business records in defending themselves against prosecution. Data from many systems under IT control may be required to satisfy regulators and the courts charged with enforcing privacy, security, governance, environmental and trade/tariff rules and regulations.
Most of the attention to e-discovery in the popular press is focused on emails, the proverbial smoking guns in regulatory cases. But data stemming from various areas of an organization may be requested in a legal proceeding. As the demand for better archiving solutions has increased alongside the overall growth of enterprise data, it's not surprising that e-discovery software is growing as a market.
To make sense of the requirements, the Electronic Discovery Reference Model (EDRM) has become the de facto reference used by vendors, consultants and buyers of e-discovery software products and services. EDRM is organized by projects, each of which comprises working groups. The v2 reference model includes:
• Identification: Identification and certification of electronically stored information (ESI) sources that may be relevant to discovery requests.
• Preservation and collection: Decide what to preserve and for how long. Litigation hold is a stipulation to preserve records (paper and ESI) that may be required in a legal action. Knowing what may be required by rule and practice is essential to a preservation policy and to subsequent collection efforts (which may involve people or an automated system to find and produce records).
• Processing, review and analysis: These are the heart of e-discovery software, and the steps where specific legal functionality and knowledge/rules must be applied. The defending enterprise must determine, according to laws, rules, guidelines and precedents, which data (including metadata) must be produced for opposing counsel. Core search technologies of today may soon be augmented by smarter processing in the future.
• Production: Extraction and preparation of relevant data.
• Presentation: The display of ESI in formats suitable for review by people charged with their evaluation: courts, counsel, juries, etc.
As noted, the processing/review/analysis steps require more legal knowledge than the rest. Therefore, it is natural that specialized vendors have emerged to address those steps, and just as natural that more traditional database archiving vendors have adapted their wares, or at least their marketing, to address the ancillary steps.
When asked about the plethora of vendors approaching e-discovery from a database and archiving standpoint, Parity Research founder Gary MacFadden noted, "the e-discovery space is immature; you see a lot of hammers looking for nails."
One product manager noted that the technology his firm developed for database archiving has found favor as an e-discovery aid because there is a big push from risk and compliance managers for live archiving. As a result, they are able to apply the same type of data retention strategy to records management and compliance.
IT has traditionally focused on price and performance of database archiving solutions when making buying decisions, based on criteria such as frequency of retrieval and storage costs. The new emphasis on collection, search and review can complicate purchasing, but it can also help free up the budget. When the transaction system is the system of record that may be subject to review under the Sarbanes-Oxley Act, those faced with the possibility of fines and incarceration are more inclined to fund appropriate expenditures for adequate improvements and controls.
Vendors with strengths in the key processes, such as Autonomy Corp., Clearwell Systems Inc., Recommind
Inc. and ZyLAB North America LLC, now face giants such as EMC Corp. (Kazeon Systems Inc.), IBM (OpenPages Inc., PSS Systems Inc.), Informatica Corp., Oracle Corp., SAP AG and Symantec Corp. as formidable competitors in the e-discovery space.
While the market shakes out, it's common for IT managers to look first to their traditional suppliers (enterprise software and hardware vendors), while legal, compliance and risk managers are wooed by the new breed of e-discovery solution providers. IT often has direct responsibility for software acquisition and operations, while the other stakeholders have more visible liability for compliance and legal actions.
This may set up a somewhat uneasy relationship and budget conflict. We are seeing new mandates from risk management and compliance managers, but funding still comes primarily through IT. One vendor suggested that this makes the buying cycle shorter, but the implementation cycle may actually take longer due to increased scrutiny and participation from new stakeholders.
For now, risk management and compliance professionals should be prepared to look beyond immediate regulatory concerns to include e-discovery policy choices when evaluating all enterprise software purchases. IT executives, meanwhile, should familiarize themselves with the new players at the heart of e-discovery, either as possible solutions or to challenge their incumbent enterprise solution providers to provide comparable functionality. There will no doubt be further consolidation in this space, but the courts won't wait, and neither should IT.
Adrian Bowles has more than 25 years of
experience as an analyst, practitioner and academic
in IT with a focus on IT strategy and management.
He is the founder of SIG411 LLC, an advisory services
firm in Westport, Conn., and director of the Sustainability Leadership Council. Write to him at
Chapter 3
Avoiding the Breach
Web-based vulnerabilities are often simple to exploit because no one's watching. To protect your data, expand the scope of your incident response and Web forensics.
BY KEVIN BEAVER
WHEN WE THINK about computer forensics and incident response, it's often in the context of workstations and servers, items at the OS level, and rightly so, as that's where many Web security breaches take place. From malware infections to password cracking to lost or stolen laptops, there's often plenty of information right inside the operating system to help create a forensic timeline. But there's an area of Web forensics and incident response that we don't hear about as much: websites and applications.
Why is this? There are several reasons:
1. The assumption that a firewall and Secure Sockets Layer for Web encryption are all that's needed.
2. The assumption that your managed security services provider is taking care of things.
3. The assumption that your last Web security scan didn't turn up anything, so all's well.
4. The assumption that your business doesn't have anything the bad guys would want.
In many cases, Web-based systems have remained out of the spotlight. Perhaps it's because of the complexity of Web systems and all of the components involved? When you experience a Web security breach, there are numerous systems that may need to be analyzed. These include routers, network firewalls, Web application firewalls, Web servers and database servers. This shouldn't keep Web systems off your incident response radar, however. Given vulnerabilities as prevalent as cross-site scripting, Web-based malware and weak passwords, you have to ensure that your Web environment isn't taken for granted. After all, you can't respond to what you don't acknowledge.
When I refer to Web environment, I don't mean just your main website and your public-facing Web applications. Instead, I'm referring to every critical Web system you have, both externally facing and on your internal network. In my security assessments, I often find the greatest risks are to internal Web systems such as financial applications, intranet portals and system management interfaces. Some common Webcentric vulnerabilities I find are in core processing systems and ATMs in banks, firewall and storage management systems, physical security closed-circuit television monitoring systems and Microsoft SharePoint systems.
The one thing that's easy to forget is that it's often easier to abuse these critical internal systems because, after all, everyone's trusted if they're on the internal network. There's nothing to worry about, right? Nope. You do have stuff to worry about, especially when it comes to the governance and compliance of critical business systems.
The reality is, Web-based vulnerabilities, both public-facing and internal, are, more often than not, simple to exploit because no one's watching. There's little to no logging, limited system monitoring and no real accountability. If something happens in such a scenario, who's to blame? How are you even going to perform a forensics analysis when you don't have any visibility into the environment or controls in place generating data to analyze?
Cast a broader net and expand your scope for incident response and Web forensics. Otherwise, your Web-based systems are sitting ducks and your hands are going to be tied when the unimaginable becomes reality.
Kevin Beaver is an information security consultant
and expert witness, as well as a seminar leader and keynote speaker at Atlanta-based Principle Logic
LLC. Write to him at [email protected].
Chapter 4
CSI: Compliance
Computer forensics is perceived as a science rarely used by compliance officers, but that's just not the case.
BY KEVIN BEAVER
COMPUTER FORENSICS technology is an emerging field involving security incident and data breach investigations. The general perception is that computer forensics is a highly specialized area that businesses rarely tap into. In reality, it can be used in a wide array of circumstances; in fact, anyone working in or around IT, legal, compliance and human resources departments can benefit from learning more about computer forensics technology and the impact that it has on the overall information risk management process.
Computer forensics technology involves securing, collecting and analyzing digital evidence related to computer security incidents, data breaches and similar abuses of computer systems. Depending on the circumstances, law enforcement officers can perform the detailed technical and operational procedures associated with forensics investigations. Most computer forensics investigations require either commercial or open source software to uncover and preserve the details of what took place during the event in question.
What's the difference between computer security and computer forensics?
There are information system controls and security assessments for those who take security seriously, and forensics tools and techniques for those who don't. Computer security is proactive and involves the management of information risks before something happens. Computer forensics is reactive and is something you do after a breach.
The prospect of a security breach is very real, no matter how proactive you are and no matter how tightly things are locked down. Experienced compliance officers and security managers have systems for both the proactive and reactive components of managing their information systems.
How does computer forensics technology tie into incident response?
Incident response is the act of responding in a systematic and methodical way to internal and external security breaches. Forensics is a component of incident response that outlines how breach investigations are actually carried out through a number of tools and techniques.
There are various types of incidents or breaches that may warrant a computer forensics investigation, including:
• External attackers performing an SQL injection against a Web application to siphon data out of the database;
• External attackers breaking into an unsecured wireless network and gaining access to the internal network;
• Rogue employees copying sensitive information to an external hard drive to take off-site and share with a third party;
• A careless employee leaving an unencrypted laptop computer in his car, and the computer is then stolen.
The general assumption is that all security breaches are known and visible, but that's not always the case. Certain controls such as activity monitoring, audit logging and password lockouts can aid in both detection and forensics investigations when a breach occurs. The important thing is to ensure that the lack of an incident-response plan doesn't leave a hole in your information risk management and compliance strategies. It's also important to realize that certain breaches may go undetected for a period of time, especially if the proper controls aren't in place.
Is a formal forensics analysis needed for every suspected or known security breach?
It depends. This needs to be discussed in advance by your security committee. Management, legal, IT and compliance executives need to be involved in such decisions. You may not know if a formal investigation is required until you gather more information post-mortem.
Not every breach is serious. It's a good idea, however, to approach each one as though it is. You have to determine which systems were compromised, what was accessed, and whether such information is covered by what laws, regulations and contracts. Regardless of what's compromised, you'll want to step back to determine what needs to be improved in order to prevent the same occurrence. Your business may also be bound by data breach notification laws that require you to contact everyone whose personal information was compromised, or even suspected of being compromised.
You may also determine that the incident warrants getting law enforcement involved. A good rule of thumb is to get law enforcement involved if you're unsure. It pays to know your local law enforcement agency's cybercrime division. Knowing an independent forensics investigator or forensics firm would also be helpful.
How do I integrate computer forensics technology with my compliance program?
Forensics is an aspect of information security, just like compliance. The two areas are intertwined and need to fall under the umbrella of your overall information risk management program. The best advice is to not go at this alone. You don't want to bear the burden of making the critical business decisions associated with compliance, forensics and information risk management all by yourself. This will come to light when something bad happens and a regulator, auditor or judge pins you down and wants to know the reasoning and business justification for why you did or did not have controls and response procedures in place.
Kevin Beaver is an information security consultant
and expert witness, as well as a seminar leader and
keynote speaker at Atlanta-based Principle Logic
LLC. Write to him at [email protected].
Data Security in the E-discovery Process
is produced by CIO/IT Strategy Media,
© 2011 by TechTarget.
Jacqueline Biscobing
Managing Editor
Rachel Lebeaux
Assistant Managing Editor
Linda Koury
Director of Online Design
Kevin Beaver
Adrian Bowles
Contributing Writers
Ben Cole
Associate Editor
Scot Petersen
Editorial Director
FOR SALES INQUIRIES
Theron Shreve
Senior Product Manager
CIO/IT Strategy Media Group
(617) 431-9360